E-MailRelay
gsecrets.h
1//
2// Copyright (C) 2001-2024 Graeme Walker <graeme_walker@users.sourceforge.net>
3//
4// This program is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// This program is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with this program. If not, see <http://www.gnu.org/licenses/>.
16// ===
17///
18/// \file gsecrets.h
19///
20
21#ifndef G_AUTH_SECRETS_H
22#define G_AUTH_SECRETS_H
23
24#include "gdef.h"
25#include "gsaslserversecrets.h"
26#include "gsaslclientsecrets.h"
27#include "gsecretsfile.h"
28#include "gexception.h"
29#include "gpath.h"
30#include "gstringview.h"
31#include <memory>
32#include <utility>
33#include <string>
34
35namespace GAuth
36{
37 class Secrets ;
38 class SecretsFileClient ;
39 class SecretsFileServer ;
40}
41
42//| \class GAuth::Secrets
43/// Provides factory functions for client and server secrets objects.
44/// The implementation is based on GAuth::SecretsFile.
45///
47{
48public:
49 G_EXCEPTION( ClientAccountError , tx("invalid client account details") )
50
51 static void check( const std::string & client , const std::string & server , const std::string & pop ) ;
52 ///< Checks the given secret sources (presumably the client, server and POP secrets specs -- TODO confirm in gsecrets.cpp). Logs warnings and throws
53 ///< an exception if there are any fatal errors. Returns nothing, so a fatal problem is reported only by the exception.
54
55 static std::unique_ptr<SaslServerSecrets> newServerSecrets( const std::string & spec ,
56 const std::string & log_name ) ;
57 ///< Factory function for server secrets. The spec is empty or
58 ///< a secrets file path or "/pam" or "pam:". The 'log-name' is
59 ///< used in log and error messages. Returns an object that is not valid()
60 ///< if the spec is empty. Throws on error. NOTE(review): an empty spec is not an error, so a caller that requires authentication should test valid() on the returned object -- confirm how callers treat a non-valid() result.
61
62 static std::unique_ptr<SaslClientSecrets> newClientSecrets( const std::string & spec ,
63 const std::string & log_name ) ;
64 ///< Factory function for client secrets. The spec is empty or a
65 ///< secrets file path or "plain:<base64-user-id>:<base64-pwd>". Base64 is an encoding, not encryption, so a "plain:" spec carries the password in recoverable form and the spec string should be handled as a secret.
66 ///< The 'log-name' is used in log and error messages. Returns
67 ///< an in-valid() object if the spec is empty. Throws on error.
68
69public:
70 Secrets() = delete ;
71} ;
72
73//| \class GAuth::SecretsFileClient
74/// A thin adapter between GAuth::SecretsFile and GAuth::SaslClientSecrets
75/// returned by GAuth::Secrets::newClientSecrets().
76///
78{
79public:
80 SecretsFileClient( const std::string & path_spec , const std::string & log_name ) ;
81 ///< Constructor. See GAuth::Secrets::newClientSecrets(). NOTE(review): path_spec presumably takes the same forms as the factory's spec, including the credential-bearing "plain:" form, while log_name is the name documented there for log and error messages -- confirm in gsecrets.cpp that path_spec itself is never logged.
82
83 ~SecretsFileClient() override ;
84 ///< Destructor.
85
86public:
87 SecretsFileClient( const SecretsFileClient & ) = delete ;
89 SecretsFileClient & operator=( const SecretsFileClient & ) = delete ;
90 SecretsFileClient & operator=( SecretsFileClient && ) = delete ;
91
92private: // overrides -- declared private, so reachable only through the base-class interface
93 bool validSelector( std::string_view selector ) const override ;
94 bool mustAuthenticate( std::string_view selector ) const override ;
95 Secret clientSecret( std::string_view type , std::string_view selector ) const override ; // returns the Secret for the given type and selector; lookup rules are in gsecrets.cpp, not visible here
96
97private:
98 bool m_id_pwd ; // first -- presumably must be declared (and so initialised) before the members below; TODO confirm in the constructor
99 std::string m_id ; // presumably the user id taken from a "plain:" spec -- TODO confirm
100 std::string m_pwd ; // presumably the password taken from a "plain:" spec -- TODO confirm; NOTE(review): std::string does not wipe its buffer on destruction, so check whether the destructor scrubs this
101 SecretsFile m_file ; // the underlying secrets-file reader this class adapts
102} ;
103
104//| \class GAuth::SecretsFileServer
105/// A thin adapter between GAuth::SecretsFile and GAuth::SaslServerSecrets
106/// returned by GAuth::Secrets::newServerSecrets().
107///
109{
110public:
111 SecretsFileServer( const std::string & path , const std::string & log_name ) ;
112 ///< Constructor. See GAuth::Secrets::newServerSecrets().
113
115 ///< Destructor.
116
117public:
118 SecretsFileServer( const SecretsFileServer & ) = delete ;
119 SecretsFileServer( SecretsFileServer && ) = delete ;
120 SecretsFileServer & operator=( const SecretsFileServer & ) = delete ;
121 SecretsFileServer & operator=( SecretsFileServer && ) = delete ;
122
123private: // overrides -- declared private, so reachable only through the base-class interface
124 bool valid() const override ; // presumably false for the object built from an empty spec (see newServerSecrets()) -- TODO confirm
125 Secret serverSecret( std::string_view type , std::string_view id ) const override ; // returns the Secret for the given type and id; lookup rules are in gsecrets.cpp, not visible here
126 std::pair<std::string,std::string> serverTrust( const std::string & address_range ) const override ; // NOTE(review): meaning of the returned pair is not visible in this header -- confirm against the base-class documentation
127 std::string source() const override ;
128 bool contains( std::string_view type , std::string_view id ) const override ;
129
130private:
131 bool m_pam ; // first -- presumably set when the spec selects PAM ("/pam" or "pam:" per newServerSecrets()) and needed before m_file is initialised; TODO confirm in the constructor
132 SecretsFile m_file ; // the underlying secrets-file reader this class adapts
133} ;
134
135#endif
An interface used by GAuth::SaslClient to obtain a client id and its authentication secret.
An interface used by GAuth::SaslServer to obtain authentication secrets.
Encapsulates a userid/shared-secret/hash-function tuple from the secrets file.
Definition: gsecret.h:44
A thin adapter between GAuth::SecretsFile and GAuth::SaslClientSecrets returned by GAuth::Secrets::ne...
Definition: gsecrets.h:78
~SecretsFileClient() override
Destructor.
SecretsFileClient(const std::string &path_spec, const std::string &log_name)
Constructor. See GAuth::Secrets::newClientSecrets().
Definition: gsecrets.cpp:86
A thin adapter between GAuth::SecretsFile and GAuth::SaslServerSecrets returned by GAuth::Secrets::ne...
Definition: gsecrets.h:109
~SecretsFileServer() override
Destructor.
SecretsFileServer(const std::string &path, const std::string &log_name)
Constructor. See GAuth::Secrets::newServerSecrets().
Definition: gsecrets.cpp:135
A class to read authentication secrets from file, used by GAuth::Secrets.
Definition: gsecretsfile.h:48
Provides factory functions for client and server secrets objects.
Definition: gsecrets.h:47
static std::unique_ptr< SaslServerSecrets > newServerSecrets(const std::string &spec, const std::string &log_name)
Factory function for server secrets.
Definition: gsecrets.cpp:72
static void check(const std::string &client, const std::string &server, const std::string &pop)
Checks the given secret sources.
Definition: gsecrets.cpp:64
static std::unique_ptr< SaslClientSecrets > newClientSecrets(const std::string &spec, const std::string &log_name)
Factory function for client secrets.
Definition: gsecrets.cpp:78
SASL authentication classes.
Definition: gcram.cpp:38
constexpr const char * tx(const char *p) noexcept
A briefer alternative to G::gettext_noop().
Definition: ggettext.h:84